Apple offered updates to iOS, macOS, and iPadOS after discovering several vulnerabilities as well as a zero-day flaw that was exploited by cybercriminals.
Since the beginning of the year, the Apple brand has corrected seven zero-day vulnerabilities, these security flaws were detected and exploited by cybercriminals before developers can even notice them. In each case, they were actively exploited.
Updates available
“Apple is aware of a report that this problem may have been actively exploited,” the company acknowledged in a brief statement relayed by the specialized site The Hacker News. Thus, the identifier CVE-2022-32917 has been assigned to the flaw which is rooted in the kernel of the operating system and, therefore, can allow a malicious application to execute arbitrary code with kernel privileges.
This is the second kernel-related zero-day flaw that Apple has patched in less than a month. If you have an iPad, an iPhone, or a Mac, do not hesitate to quickly perform the update offered by the Cupertino company. The versions you need to install are iPadOS 15.7, iOS 15.7, macOS Big Sur 11.7, and macOS Monterey 12.6 respectively.
For iPadOS and iOS, affected devices are iPhone 6S and later, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, as well as the 7th generation iPod Touch.
iOS 16 bets on security
Of course, the transition to iOS 16, officially deployed yesterday, also allows vulnerabilities to be corrected. Apple additionally fixed 10 other security flaws in its new operating system, covering Contacts, Kernel Maps, MediaLibrary, Safari, and WebKit.
Logically, iOS 16 should make it possible to remedy problems related to cybersecurity more quickly, in particular thanks to its new function called Rapid Security Responses. The latter allows security patches to be automatically installed on iOS devices without a full operating system update. The Apple brand also plans to further strengthen the security of its devices through future updates to the operating system.
TechAint 